Linked value replication

ABSTRACT

A network computer maintains a directory of objects having multi-valued attributes. The attributes are comprised of individual linked values having conflict-resolution data that indicates a change to an object at an attribute-value level. A second network computer stores a replica of the directory in which a replica of the objects is maintained. The computers replicate the objects in the directories and update the individual linked values of the attributes. Replication conflicts are identified and resolved with the conflict-resolution data at the attribute-value level of the objects.

RELATED APPLICATION

[0001] This application claims priority to U.S. Provisional ApplicationNo. 60/212950, filed Jun. 21, 2000, entitled “Link Value Replication”,to Brown et al.

TECHNICAL FIELD

[0002] This invention relates to network systems and, in particular, tolinked multi-valued object attribute replication in a network-widedirectory service.

BACKGROUND

[0003] In a network-wide directory service maintaining objects havingmulti-valued attribute lists, such as a mail distribution list or apersonnel list for a security-based system, simultaneous updates frommore than one networked data-entry site can cause a replicationconflict. For example, Active Directory™ is an enterprise-wide directoryservice in Windows® 2000 using a state-based, multi-master replicationmodel that is susceptible to replication conflicts with respect to itsobject store structure. Windows™ 2000 is an operating system licensed byMicrosoft Corporation of Redmond, Wash.

[0004] In a network-wide partitioned directory, each domain controllerin a separate domain of the network maintains a copy of a partition ofthe directory which typically contains those objects that are pertinentto only a particular domain. Replication defines that a change to adirectory made on one computer will change the directory on allcomputers in a network having a replica of the directory. A copy of thecontents of one directory partition on a specific domain controller isidentified as a replica. Replication updates replicas among the domaincontrollers that store the same directory partitions. Convergencedefines that if a network system is allowed to reach a steady state inwhich no new updates are occurring, and all previous updates have beencompletely replicated, all replicas ideally converge to the same set ofvalues.

[0005] A multi-master replication model defines that several servers(e.g., the domain controllers) in a network system can contain writeablereplicas of an object that is intended to be kept consistent between theservers. Master replicas accept updates independently withoutcommunicating with other master replicas. If updates cease andreplication continues, all replicas of an object at each server willideally be updated to the same value. Replication propagates changesmade on any specific domain controller to all other domain controllersin the network that store the directory partition in which a changeoccurs.

[0006] A state-based replication model defines that each master appliesupdates, both originating and replicated, to its replica as they arrive.Replication is derived from the current state of the source replica athand. Each directory partition replica stores per-object andper-attribute data to support replication.

[0007] An alternative to a state-based replication model is a log-basedreplication model. In a conventional log-based replication system, eachmaster server keeps a log of any updates that it originates. Whenreplicating, each master server communicates its log to every otherreplica. When receiving a log at a replica, the replica applies the log,bringing its own state more up-to-date.

[0008] With a conventional state-based replication model, there can beconflicts with object attribute value updates because the lowest levelof granularity for updates is at the attribute level of an object, andnot at the attribute value level. Even though an attribute may containmultiple values (i.e., a multi-valued attribute), all of the values areconsidered as a single unit for the purpose of replication. Thefollowing example, described with reference to FIGS. 1 and 2,illustrates the occurrence of a replication conflict when implementing anetwork-wide directory service with a conventional state-basedreplication model.

[0009]FIG. 1 shows a network architecture 100 having a directory servicethat maintains objects associated with a mail distribution list. Thenetwork 100 has a first domain controller 102, computer A, and a seconddomain controller 104, computer B, that are interconnected via acommunications network 106. Computer 102 has a directory 108 that storesa mail group 110(A) which has multiple associated group objects, such asobject 112(A). Group object 112(A), identified as object M, isassociated with mail group 110(A) and identifies the individualrecipients of a mail distribution list in the mail group.

[0010] Computer 104 has a directory 114 which is a replica of directory108 in computer 102. Directory 114 stores a mail group 110(B) which hasan associated group object 112(B), also identified as object M becauseit is a replica of object 112(A) stored in directory 108 at computer102.

[0011] The group object 112 has a data structure 116 that illustratesdata stored in the object. The data structure 116 stores objectproperties, identified as attributes 118, and attribute values for eachattribute, identified as metadata 120. The object 112 has a nameattribute 122 that identifies an association with mail group 110.Metadata 124 indicates the association with the mail group and alsoincludes a latest version number and an update timestamp for the nameattribute 122. The version number, v1, indicates a first version of thename attribute 122 and the timestamp, t1, indicates when the firstversion of the attribute was created.

[0012] The object 112 has an identifier attribute 126 that associates aglobal unique identifier (GUID) in metadata 128 for the object. Eachinstance of the object, 112(A) and 112(B), has a different and uniqueGUID within network 100. Metadata 128 also includes a latest versionnumber, v1, and an update timestamp, t1, for the identifier attribute126.

[0013] The object 112 also has a multi-valued members attribute 130 thatassociates the individual recipients in the mail distribution list.Metadata 132 for the members attribute includes a latest version number,v1, and an update timestamp, t1. Metadata 132 also includes a link tablereference to a data structure 134. Link table 134 maintains the linkedvalues (e.g., the recipients in the mail distribution list) for themulti-valued members attribute 130.

[0014] Link table 134 identifies the object owning the link table atsource 136 which indicates that object M owns the link table. Eachrecipient in the mail distribution list is identified as a referencedobject at destination 138 which, in this example, indicates tworecipients. Link table 134 also identifies the associated objectattribute for each destination 138 at linkID 140. In this example,linkID 140 identifies that each recipient 138 is associated with themembers attribute 130.

[0015] If the list of recipients 138 is changed on computer A, thencomputer B needs to be updated with the changes. During replication,computer A sends computer B the entire contents of the members attribute130, which includes the entire link table 134, because the lowest levelof granularity for conventional replication updates is at the attributelevel of an object, and not at the attribute value level. Although onlya single value within the members attribute value list may be changed(i.e., a recipient is deleted, added, and/or updated), computer A cannotconvey to computer B which recipient has changed. Computer A can onlyconvey that some value in the members attribute 130 has been changed.

[0016] The problem is compounded for a large number of attribute valuesand by the scale of the network. Computer B can only receive the entirecontents of the members attribute 130 and either compare the new objectattribute with what computer B has stored locally to update the change,or computer B can delete its entire local copy of the members attributeand update the attribute with the new copy of members from computer A.Either case presents an efficiency problem for computer B. The problemis further compounded for multiple networked sites each having replicato be updated.

[0017] Furthermore, a conflict occurs during replication when amulti-valued object attribute, such as members, is updated at differentnetworked sites within a relatively short amount of time before ascheduled replication. This is identified as a replication latencyperiod. Changes made to a multi-valued attribute simultaneously, orwithin the replication latency period, can cause a replicationconvergence conflict that will result in the loss of a data update.

[0018] If two independent attribute changes converge from differentnetworked sites, and a first attribute change prevails in a conflictresolution over a second attribute change, then the values of the firstattribute change will replace all of the values of the second attributechange. This policy is acceptable for an attribute that issingle-valued, or when it makes sense to change all of the values of anattribute together as a group. However, replication conflicts can resultin lost data when it is desirable that individual values of amulti-valued object attribute replicate independently.

[0019]FIG. 2. continues the example and illustrates how a replicationconflict can occur between two objects having updated multi-valuedattributes and how resolution of the conflict can result in the loss ofone of the data updates. Initially, as shown in FIG. 1, computer A hasan object 112(A) with a multi-valued members attribute 130. Theattribute has two values, recipient1 and recipient2, in link table 134.Computer B also has an up-to-date replica of object M.

[0020] In FIG. 2, a data administrator at computer A deletes recipient1from the mail distribution list 138(A) in link table 134(A) and, asillustrated, recipient1 no longer exists. The data administrator alsoadds a new recipient3 to the mail distribution list 138(A) as indicatedby 200. Metadata 132(A) for members attribute 130(A) is updated toversion2 (v2) of the mail distribution list occurring at time2 (t2) asindicated by 202.

[0021] Within a replication latency period, such as five minutes orless, for example, a second data administrator at computer B adds a newrecipient4 to the mail distribution list 138(B) as indicated by 204.Metadata 132(B) for members attribute 130(B) is updated to version2 (v2)of the mail distribution list occurring at time3 (t3) as indicated by206.

[0022] When computers A and B replicate directories 108 and 114,respectively, there will be a replication conflict because the membersattribute was updated at both network sites during a replication latencyperiod. Conventionally, the conflict can be resolved by a policy thatallows the most frequent writer to prevail first followed by the lastwriter prevails. That is, the higher version number prevails first,followed by the latest timestamp. In the example, both network siteshave a version2 (v2) in metadata 132 for members attribute 130. Thus,computer B wins the replication conflict because the latest timestamp istime3 (t3) which is later than time2 (t2) at computer A. Otherresolution policies may resolve replication conflicts with only aversion number, or with only a timestamp.

[0023] To replicate, computer A updates metadata 132(A) for membersattribute 130(A) by replacing all of the values for the attribute. Thatis, the entire link table 134(A) is replaced in directory 108 incomputer A with link table 134(B) from computer B. Although not shownspecifically, the resultant replica for object 112 at both of thenetwork sites is that shown for computer B. The mail distribution listat both computers A and B (i.e., the recipient values 138) will includerecipient1, recipient2, and recipient4. The update at computer A toremove recipient1 and add recipient3 is lost in the resolution of thereplication conflict.

[0024] Simultaneous attribute updates at different networked sites cancause a replication convergence that requires a conflict resolution in astate-based replication model because objects are not necessarilyreplicated in the order in which they are updated. Replication conflictsarise because the lowest level of granularity for updates is at theattribute level of an object, and not at the attribute value level. Eventhough an attribute may contain multiple values, all of the values areconsidered as a single unit for the purpose of replication. Updates toindividual values of multi-valued attributes need to be accounted forduring replication to avoid a replication conflict that results in lostdata.

SUMMARY

[0025] A network system domain controller maintains a directory ofobjects having multi-valued attributes. The attributes have multiplelinked values and the individual values have conflict-resolution datathat indicates a change to an object at an attribute-value level. Theconflict-resolution data includes a version number that identifies alatest version of an individual value, an update timestamp thatidentifies when an individual value is updated or changed, and acreation timestamp that identifies when an individual value is created.

[0026] A second network domain controller stores a replica of thedirectory in which a replica of the objects is maintained. The domaincontrollers replicate the objects in the directories and update theindividual linked values of the attributes. Replication conflicts areidentified and resolved with the conflict-resolution data at theattribute-value level of the objects. Additionally, the individualvalues have an associated deletion timestamp that either indicates theexistence of a value in an object, or indicates that a particular valuehas been identified to be deleted from a multi-valued attribute.

BRIEF DESCRIPTION OF THE DRAWINGS

[0027] The same numbers are used throughout the drawings to referencelike features and components.

[0028]FIG. 1 illustrates an example of conventional state-basedreplication.

[0029]FIG. 2 illustrates an example of conventional state-basedreplication.

[0030]FIG. 3 is a block diagram of a network architecture.

[0031]FIG. 4 illustrates data structures in the FIG. 3 networkarchitecture.

[0032]FIG. 5 illustrates data structures in the FIG. 3 networkarchitecture.

[0033]FIG. 6 illustrates data structures in the FIG. 3 networkarchitecture.

[0034]FIG. 7 illustrates data structures in the FIG. 3 networkarchitecture.

[0035]FIG. 8 illustrates data structures in the FIG. 3 networkarchitecture.

[0036]FIG. 9 illustrates a network architecture and a data structure.

[0037]FIG. 10 illustrates data structures in the FIG. 9 networkarchitecture.

[0038]FIG. 11 illustrates data structures in the FIG. 9 networkarchitecture.

[0039]FIG. 12 is a flow diagram of a method for replicating multi-valuedobject attributes.

[0040]FIG. 13 is a diagram of a computing system and environment thatcan be utilized to implement the technology described herein.

DETAILED DESCRIPTION

[0041] The following technology describes systems and methods toindividually replicate multi-valued object attributes. A linked valuereplication model described herein replicates attribute valuesindividually for multi-valued object attributes and reduces thepossibilities of replication conflicts when the attribute valuesconverge at all replicas within a network.

[0042]FIG. 3 shows a network architecture 300 having any number ofdomain controllers 302(1 . . . n) that implement a distributednetwork-wide directory service and that are interconnected via acommunications network 304. The network domain controllers 302 locallyadministrate the network 300 at a particular network branch site.Network domain controller 302(1) is an exemplary computing device of theother domain controllers (i.e., 302(2 . . . n)) in the network 300. Thedomain controllers 302 have a processor 306 and a memory 308. The memory308 stores a directory service 310 that is executable on the processor306.

[0043] The memory 308 also stores a directory 312 of any number ofobjects 314(1 . . . x) that are distributed among the domain controllers302. An update or change to an object 314 at any one domain controllercan be replicated to any of the other domain controllers in the network300 that store a copy of the same object 314. The domain controllers 302communicate replication changes via the communications network 304. Seethe description of “Exemplary Computing System and Environment” belowfor specific examples of the network architectures and systems,computing systems, and system components described herein.

[0044]FIG. 4 shows an example of object data structures in networkarchitecture 300. Network 300 has a first domain controller A,identified as 302, and a second domain controller B, identified as 316,that are interconnected via the communications network 304. Domaincontroller A has a directory 312 that stores a security group 318(A)which has multiple associated group objects, such as object 314(A). Thegroup object 314(A), identified as object S, is associated with thesecurity group 318(A) and identifies individual accounts in a securitylist.

[0045] Domain controller B has a directory 320 which is a replica ofdirectory 312 in domain controller A. Directory 320 stores a securitygroup 318(B) which has an associated group object 314(B), alsoidentified as object S because it is a replica of object 314(A) storedin directory 312 at domain controller A.

[0046] The group object 314 has a data structure 320 that illustratesdata stored in the object. The data structure 320 stores objectproperties, identified as attributes 322, and attribute values for eachattribute, identified as metadata 324. The object 314 has a nameattribute 326 that identifies an association with security group 318.Metadata 328 indicates the association with the security group and alsoincludes a latest version number and an update timestamp for the nameattribute 326. The version number, v1, indicates the first version ofthe name attribute 326 and the timestamp, t1, indicates when the firstversion of the attribute was created.

[0047] The object 314 has an identifier attribute 330 that associates aglobal unique identifier (GUID) in metadata 332 for the object. Eachinstance of the object, 314(A) and 314(B), has a different and uniqueGUID within network 300. Metadata 332 also includes a latest versionnumber, v1, and an update timestamp, t1, for the identifier attribute330.

[0048] The object 314 also has a multi-valued members attribute 334 thatassociates the individual accounts in the security list. Metadata 336for the members attribute does not include a latest version number andupdate timestamp for reasons that will become apparent below. Metadata336 includes a link table reference to a data structure 338. Link table338 maintains the linked values (e.g., the accounts in the securitylist) for the multi-valued members attribute 334.

[0049] Link table 338 identifies the object owning the link table atsource 340 which indicates that object S owns the link table. Eachaccount in the security personnel list is identified as a referencedobject at destination 342 which, in this example, indicates twoaccounts. Link table 338 also identifies the associated object attributefor each destination 342 at linkID 344. In this example, linkID 344identifies that each account 342 is associated with the membersattribute 334.

[0050] The linked values (i.e., accounts 342) of the members attribute334 are like virtual attributes in that the values have identifying anddefining data and exist in the context of the containing object. Linktable 338 maintains valuedata 346 for each account 342 that includes alatest version number and an update timestamp. In addition, link table338 stores a deletion timestamp at delTime 348 to identify if an account342 is to be deleted from the link table.

[0051] A zero value for deletion timestamp 348 indicates that a value(i.e., an account 342) is present in link table 338. A deletiontimestamp 348 that indicates a time identifies that the associated value342 has been identified to be deleted from the linked value list. Thatis, a non-zero value for deletion timestamp 348 indicates that a valueis in an absent state and will not be rendered for display. A deletiontimestamp 348 is necessary as an identifier for record purposes when thedirectory is replicated to indicate that a deletion of a value wasperformed at a networked site. If the value is simply deleted andremoved from the linked value list without an identifier to indicate assuch, there would be no record to update the next directory when thenetwork sites replicate.

[0052] Multi-Valued Attribute Replication

[0053]FIG. 5 illustrates how a replication conflict is avoided when twoobjects having an updated multi-valued attribute are replicated in anetwork implementing a linked value replication model. Initially, asshown in FIG. 4, domain controller A has an object 314(A) with amulti-valued members attribute 334. The attribute has two values,account1 and account2, in link table 338. Domain controller B also hasan up-to-date replica of object S.

[0054] In FIG. 5, a data administrator at domain controller A deletesaccount1 from the security list 342(A) in link table 338(A). Asillustrated, account1 is not removed from link table 338(A), but ratheridentified as having been deleted. Valuedata 346(A) for account1 isupdated to version2 (v2) of the value occurring at time2 (t2) asindicated by 500. To identify that account1 has been deleted, deletiontimestamp 348(A) is updated at time2 (t2) as indicated by 502.

[0055] The data administrator also adds a new account3 to the securitylist 342(A) at domain controller A as indicated by 504. Valuedata 346(A)for account3 is initialized to version1 (v1) of the value occurring attime3 (t3).

[0056] Within a replication latency period, a second data administratorat domain controller B adds a new account 4 to the security list 342(B)as indicated by 506. Valuedata 346(B) for account4 is initialized toversion1 (v1) of the value occurring at time4 (t4).

[0057]FIG. 6 illustrates that when domain controllers A and B replicatedirectories 312 and 320, respectively (FIG. 4), both of the valueupdates are accounted for in the resultant link table 338. Neitherupdate is lost in resolving a replication conflict because the level ofreplication granularity is at the attribute value level, rather than atthe attribute level. The update at domain controller A (delete account1and add account3) and the update at domain controller B (add account4)do not cause a replication conflict because each account 342 has adifferent combination of version number and update timestamp invaluedata 346.

[0058] After domain controllers A and B replicate, and a designatedperiod of time identified as the “tombstone lifetime”, the valueaccount1 is removed (actually deleted) from link table 338 by a separateprocess that recognizes the value as having been identified fordeletion. A tombstone lifetime is the period of time that deletionsexist in a directory before being removed. The process of removing avalue that has been identified for deletion is called “garbagecollection”.

[0059] Link Collision

[0060]FIGS. 7 and 8 illustrate that providing a creation timestamp foran attribute value 342 distinguishes incarnations of the values to avoiddata loss during a “link collision”. A link collision occurs when avalue is deleted (i.e., garbage collected) and then re-created within areplication latency period. A creation timestamp is included invaluedata 346 at the value level to prevent losing a re-created valueduring resolution of a replication conflict.

[0061] Initially, as shown in FIG. 4, domain controller A has an object314(A) with a multi-valued members attribute 334. The attribute has twovalues, account1 and account2, in link table 338. Domain controller Balso has an up-to-date replica of object S. FIG. 7 also shows domaincontrollers A and B each having an up-to-date replica of object S. Forsimplification, only link table 338 for each object 314 is shown in thefigure.

[0062] A creation timestamp, identified with a “c”, is included invaluedata 346 for each account 342 to indicate the creation time of eachvalue. As shown, account1 was created at time c1 and version1 (v1) ofaccount1 occurred at time1 (t1). Account2 was created at time c2 andversion3 (v3) of account2 occurred at time2 (t2). Creation timestampscan be derived independently without having to correlate or synchronizetime with other replicas stored on different computers.

[0063]FIG. 8 shows three instances of object 314(A) in domain controllerA. At instance 800, a data administrator at domain controller A deletesaccount2 from the security list 342(A) in link table 338(A). Valuedata346(A) for account 2 is updated to version4 (v4) of the value occurringat time5 (t5) as indicated by 802. To identify that account2 has beendeleted, deletion timestamp 348(A) is updated at time5 (t5) as indicatedby 804.

[0064] At instance 806 of object 314(A) in domain controller A, theprocess of garbage collection recognizes that account2 has beenidentified for deletion and removes account2 from link table 338(A). Theprocess of garbage collection occurs before replication of domaincontroller A with domain controller B.

[0065] At instance 808 of object 314(A) in domain controller A, the dataadministrator re-creates account2 which is added to the link table342(A). Valuedata 346(A) indicates that account2 was created at time c6and version1 (v1) of account2 occurred at time6 (t6). The version numberis initialized as version1 because account2 is a new value added to thelink table 338(A).

[0066] When domain controllers A and B replicate after account2 wasdeleted and then re-created at domain controller A, there will be areplication conflict to resolve because valuedata 348 for account2 haschanged from the initial state of c2, v3, t2 (FIG. 7) to c6, v1, t6shown in FIG. 8 at 810. Without the creation timestamp, the replica ondomain controller B would prevail in the replication conflict becauseaccount2 was initially identified as version3 (v3), and after havingbeen re-created, is identified as version1 (v1) on domain controller A.If domain controller B prevails, the new account2 created at domaincontroller A would be lost data. However, the replication conflict isresolved in favor of domain controller A because creation timestamp c6is later than the initial creation timestamp c2 at domain controller B.

[0067] Replication Transition from Attribute-Level to AttributeValue-Level

[0068]FIGS. 9, 10, and 11 illustrate an example of managing thearchitectural incompatibilities between directory partitions that arereplicated with a conventional state-based replication model (i.e.,replicated at the attribute level), and updated directory partitionsthat can be replicated with the linked value replication model describedherein (i.e., replicated at the attribute value level). The linked valuereplication model accounts for changes at both the attribute level andthe attribute value level to integrate the directory partitions for thetwo replication models. Replication transition with the linked valuereplication model does not require a manual database conversion, as istypically required of an administrator when implementing a new databasemodel. Conventional replication at the attribute level is identified as“legacy replication” where “legacy” defines a state-based replicationmodel directory partition.

[0069]FIG. 9 shows a network 900 with three networked domain controllers902, 904, and 906 (computers A, B, and C). The domain controllers areinterconnected via a communications network (not shown). The network 900and domain controllers A, B, and C are examples of the network 300 anddomain controllers 302 described above and shown in FIG. 3.

[0070] The computers A, B, and C have a directory 908, 910, and 912,respectively. Each directory stores a replica of a contact group 914which contains a group object 916. The group object 916, identified asobject CG, is associated with the contact group 914 and identifiesindividual clients in a contact list.

[0071] The group object 916 has attributes and metadata as described inrelation to object 314 shown in FIG. 4. The object 916 has amulti-valued members attribute 918 that associates the individualclients in the contact list. Metadata 920 for the members attributeincludes a link table reference to a data structure 922. Link table 922maintains the linked values (e.g., the clients 924 in the contact list)for the multi-valued members attribute 918.

[0072] Link table 922 maintains valuedata 926 and a deletion timestamp928 for each client 924. The valuedata 926, delTime 928, and otheraspects of link table 922 are also described in relation to link table338 shown in FIG. 4.

[0073] Computers A, B, and C initially have a legacy directory replicaof object 916 that has a multi-valued members attribute 918 which hastwo values, client1 and client2. In an initial legacy mode, metadata 920includes a latest version number, v1, and an update timestamp, t1, forthe members attribute 918. Also for an initial legacy mode, valuedata926 for each value (i.e., the clients 924) is null, or zero, and thedeletion timestamp 928 is zero to indicate the existence of a particularvalue.

[0074]FIG. 10 shows an instance of object 916 in each of the computersA, B, and C. For simplification, only the link table 922, membersattribute 918, and metadata 920 for the members attribute is shown inthe figure for each object 916. In this example, computers A and Bimplement the linked value replication model (i.e., “new mode”)described above with respect to FIGS. 4, 5, and 6. Computer C implementsthe conventional state-based replication model (i.e., “legacy mode”).

[0075] At computer A, a data administrator adds a new client3 in linktable 922(A). Because computer A implements linked value replication,valuedata 926(A) for client3 is initialized to version1 (v1) of thevalue occurring at time2 (t2). For a linked value replication model,non-null valuedata is a non-zero value (i.e., valuedata 926(A) forclient 3). That is, a version of a linked value is one or more and validtimestamp is non-zero. Existent, or non-null, valuedata distinguishes alinked value replication model over an attribute replication model. Inthe case of a replication conflict, a linked value having non-nullvaluedata will prevail over a linked value having null valuedata. Thisestablishes a resolution policy that values having conflict resolutiondata prevail over values without conflict resolution data.

[0076] At computer B, a data administrator deletes client2 from linktable 922(B). Because computer B implements linked value replication,the deletion timestamp 928(B) for client2 is updated to time3 (t3) toindicate that the value has been identified for deletion. Valuedata926(B) updates from the null value to version1 (v1) of the valueoccurring at time3 (t3).

[0077] At computer C, a data administrator deletes client1 from linktable 922(C). Because computer C is operating in the legacy mode ofstate-based replication, client1 is actually removed from link table922(C), rather than being identified for deletion at the value levelwith a deletion timestamp. In the legacy mode of state-basedreplication, the value level data is not created. Rather, the attributelevel metadata 920(C) is updated to version2 (v2) of the attributeoccurring at time4 (t4) to indicate that a value of the membersattribute 918(C) has been changed.

[0078]FIG. 11 shows the results of computers A, B, and C replicatingafter the changes to the values in link tables 922(A), 922(B), and922(C), respectively. Domain controllers (servers, computers, etc.)operating with the linked value replication model cannot replicate fromdomain controllers operating under the legacy mode of state-basedreplication. That is, computers A and B cannot replicate from computerC. However, computer C can replicate from computers A and B, but has tofirst “promote” itself to the new mode prior to replicating with eithercomputer A or B. Computer C promotes itself to implement linked valuereplication when it first replicates with a computer in the networkoperating with the linked value replication model.

[0079] Replication transition from attribute level to attribute valuelevel occurs in two stages: first at the attribute level (i.e.,conventional “legacy” replication), and second at the attribute valuelevel. At the attribute level, attributes having a later version numberand/or timestamp are replicated first. This stage of the replicationincludes only those linked values that do not have valuedata.Subsequently, at the value level, values having more recent valuedataare replicated second. With replication transition, values having nullvaluedata are included in the attribute level replication stage andexcluded from the value level replication stage.

[0080] In FIG. 11, computer C first replicates with computer B. Client2exists on computer C as a legacy value (i.e., valuedata 926(C) anddelTime 928(C) for client2 is null, FIG. 10). When replicating withcomputer B, computer B prevails in a replication conflict becauseclient2 has value level data. Computer C updates valuedata 926(C) anddelTime 928(C) for client2 to indicate that the value has beenidentified to be deleted.

[0081] Computer C next replicates with computer A and adds client3 tolink table 922(C). Valuedata 926(C) is initialized to version1 (v1) ofclient3 occurring at time2 (t2). Computer C does not replicate client1from computer A because client1 is a legacy value having no value leveldata.

[0082] Computer B replicates from computer C and updates the change tothe members attribute metadata 920(B) to reflect the update made incomputer C. Computer B then accounts for updates and changes at theattribute level (i.e., members attribute 918(B)), and replicates onlylegacy values without any value level data from computer C. This followsthe conventional state based replication model. However, computer C doesnot have any legacy values without value level data, but rather hasclient2 and client3 each with valuedata 926(C). Thus, computer Breceives an empty list from computer C with no legacy value changes tobe made. This indicates to computer B to remove any local legacy valuesfrom the link table. Accordingly, computer B removes client1 from linktable 922(B).

[0083] After accounting for attribute level replication, computer Breplicates at the value level implementing the link value replicationmodel. Computer B adds client3 from computer C to link table 922(B) andinitializes valuedata 926(B). Computer B does not replicate fromcomputer A because computer B is transitively updated from computer A.Computer C replicates from computer A before computer B replicates fromcomputer C.

[0084] Computer A replicates from computer B and updates the change tomembers attribute metadata 920(A) to reflect the update made in computerB, which was initiated in computer C. Computer A then accounts forupdates and changes at the attribute level (i.e., members attribute918(A)), and replicates only legacy values without any value level datafrom computer B. However, computer B does not have any legacy valueswithout value level data, but rather has client2 and client3 each withvaluedata 926(B). Thus, computer A receives an empty list from computerB with no legacy value changes to be made. This indicates to computer Ato remove any local legacy values. Accordingly, computer A removesclient1 and client 2 from link table 922(A).

[0085] After accounting for attribute level replication, computer Areplicates at the value level implementing the link value replicationmodel. Computer A adds client2 (which does not exist because it was justremoved) from computer B to link table 922(A) and updates valuedata926(A) and delTime 928(A) to indicate that client2 has been identifiedto be deleted. Computer A does not replicate from computer C becausecomputer A is transitively updated from computer C. Computer Breplicates from computer C before computer A replicates from computer B.

[0086]FIG. 11 shows that computers A, B, and C, have all converged tothe same set of values via the link value replication model. The exampleillustrates how directory partitions are replicated from an existingattribute level to a linked value level. The link value replicationmodel reduces the amount of data that is communicated between domaincontrollers in a network when replicating directory partitions, reducesthe possibilities of replication convergence conflicts, and providesarchitectural compatibility between a conventional state-basedreplication model and the link value replication model.

[0087]FIG. 12 illustrates a method to replicate multi-valued objectattributes having attribute-value level conflict-resolution data. Atblock 400, an object stored in a first directory at a network domaincontroller is replicated with a replica of the object stored in a seconddirectory at a second network domain controller. The object has amulti-valued attribute comprised of individual values each havingassociated conflict-resolution data.

[0088] At block 402, the conflict-resolution data for the individualvalues of the object stored in the first directory and of the replica ofthe object stored in the second directory is compared to determine if areplication conflict exists between the individual values. At block 404,a creation timestamp for the individual values is compared to determineif an attribute value, or the replica of the attribute value, haschanged.

[0089] If the creation timestamp indicates that one of the values wascreated after the other (i.e., “yes” from block 404), the attributevalue having the earlier creation timestamp is updated with theattribute value that has the later creation timestamp at block 406. Thatis, the older value created first is replicated with any associated datafrom the newer value that was created last. If the creation timestamp isthe same for the two values (i.e. “no” from block 404), a version numberfor the individual values is compared to determine if an attributevalue, or the replica of the attribute value, has been updated orchanged to a new version at block 408.

[0090] If the version number indicates that one of the values wasupdated or changed to a more recent version (i.e., “yes” from block408), the attribute value having the lower version number is updatedwith the attribute value that has the higher version number at block410. That is, the older value with the lower version number isreplicated with any associated data from the newer value that wasupdated or changed last. If the version number is the same for the twovalues (i.e., “no” from block 408), an update timestamp for theindividual values is compared to determine if an attribute value, or thereplica of the attribute value, has been updated at block 412.

[0091] If the update timestamp indicates that one of the values wasupdated or changed after the other (yet the version number remains thesame) (i.e., “yes” from block 412), the attribute value having theearlier update timestamp is updated with the attribute value that hasthe later update timestamp at block 414. That is, the older value isreplicated with any associated data from the newer value that wasupdated or changed last. If the update timestamp is the same for the twovalues (i.e. “no” from block 412), then there is no replication conflictto be resolved between the individual values of the multi-valued objectattribute (block 416).

[0092] At block 418, a deletion timestamp is evaluated to determine ifan individual value has been identified to be deleted. If the deletiontimestamp is not null (i.e., “no” from block 418), then the value isdeleted from the object attribute at block 420. That is, if a value hasbeen identified to be deleted from the object attribute, then thedeletion timestamp will indicate when the value was marked for deletion.If the deletion timestamp indicates null (i.e., “yes” from block 418),then the method continues to replicate directory objects (at block 400).

[0093] Exemplary Computing System and Environment

[0094]FIG. 13 illustrates an example of a computing environment 500within which the computer, network, and system architectures describedherein can be either fully or partially implemented. Exemplary computingenvironment 500 is only one example of a computing system and is notintended to suggest any limitation as to the scope of use orfunctionality of the network architectures. Neither should the computingenvironment 500 be interpreted as having any dependency or requirementrelating to any one or combination of components illustrated in theexemplary computing environment 500.

[0095] The computer and network architectures can be implemented withnumerous other general purpose or special purpose computing systemenvironments or configurations. Examples of well known computingsystems, environments, and/or configurations that may be suitable foruse include, but are not limited to, personal computers, servercomputers, thin clients, thick clients, hand-held or laptop devices,multiprocessor systems, microprocessor-based systems, set top boxes,programmable consumer electronics, network PCs, minicomputers, mainframecomputers, distributed computing environments that is include any of theabove systems or devices, and the like.

[0096] Link value replication may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by a computer. Generally, program modules include routines,programs, objects, components, data structures, etc. that performparticular tasks or implement particular abstract data types. Link valuereplication may also be practiced in distributed computing environmentswhere tasks are performed by remote processing devices that are linkedthrough a communications network. In a distributed computingenvironment, program modules may be located in both local and remotecomputer storage media including memory storage devices.

[0097] The computing environment 500 includes a general-purposecomputing system in the form of a computer 502. The components ofcomputer 502 can include, by are not limited to, one or more processorsor processing units 504, a system memory 506, and a system bus 508 thatcouples various system components including the processor 504 to thesystem memory 506.

[0098] The system bus 508 represents one or more of any of several typesof bus structures, including a memory bus or memory controller, aperipheral bus, an accelerated graphics port, and a processor or localbus using any of a variety of bus architectures. By way of example, sucharchitectures can include an Industry Standard Architecture (ISA) bus, aMicro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, aVideo Electronics Standards Association (VESA) local bus, and aPeripheral Component Interconnects (PCI) bus also known as a Mezzaninebus.

[0099] Computer system 502 typically includes a variety of computerreadable media. Such media can be any available media that is accessibleby computer 502 and includes both volatile and non-volatile media,removable and non-removable media. The system memory 506 includescomputer readable media in the form of volatile memory, such as randomaccess memory (RAM) 510, and/or non-volatile memory, such as read onlymemory (ROM) 512. A basic input/output system (BIOS) 514, containing thebasic routines that help to transfer information between elements withincomputer 502, such as during start-up, is stored in ROM 512. RAM 510typically contains data and/or program modules that are immediatelyaccessible to and/or presently operated on by the processing unit 504.

[0100] Computer 502 can also include other removable/non-removable,volatile/non-volatile computer storage media. By way of example, FIG. 13illustrates a hard disk drive 516 for reading from and writing to anon-removable, non-volatile magnetic media (not shown), a magnetic diskdrive 518 for reading from and writing to a removable, non-volatilemagnetic disk 520 (e.g., a “floppy disk”), and an optical disk drive 522for reading from and/or writing to a removable, non-volatile opticaldisk 524 such as a CD-ROM, DVD-ROM, or other optical media. The harddisk drive 516, magnetic disk drive 518, and optical disk drive 522 areeach connected to the system bus 508 by one or more data mediainterfaces 526. Alternatively, the hard disk drive 516, magnetic diskdrive 518, and optical disk drive 522 can be connected to the system bus508 by a SCSI interface (not shown).

[0101] The disk drives and their associated computer-readable mediaprovide non-volatile storage of computer readable instructions, datastructures, program modules, and other data for computer 502. Althoughthe example illustrates a hard disk 516, a removable magnetic disk 520,and a removable optical disk 524, it is to be appreciated that othertypes of computer readable media which can store data that is accessibleby a computer, such as magnetic cassettes or other magnetic storagedevices, flash memory cards, CD-ROM, digital versatile disks (DVD) orother optical storage, random access memories (RAM), read only memories(ROM), electrically erasable programmable read-only memory (EEPROM), andthe like, can also be utilized to implement the exemplary computingsystem and environment.

[0102] Any number of program modules can be stored on the hard disk 516,magnetic disk 520, optical disk 524, ROM 512, and/or RAM 510, includingby way of example, an operating system 526, one or more applicationprograms 528, other program modules 530, and program data 532. Each ofsuch operating system 526, one or more application programs 528, otherprogram modules 530, and program data 532 (or some combination thereof)may include an embodiment of link value replication.

[0103] Computer system 502 can include a variety of computer readablemedia identified as communication media. Communication media typicallyembodies computer readable instructions, data structures, programmodules, or other data in a modulated data signal such as a carrier waveor other transport mechanism and includes any information deliverymedia. The term “modulated data signal” means a signal that has one ormore of its characteristics set or changed in such a manner as to encodeinformation in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared, and other wireless media. Combinations of any of the above arealso included within the scope of computer readable media.

[0104] A user can enter commands and information into computer system502 via input devices such as a keyboard 534 and a pointing device 536(e.g., a “mouse”). Other input devices 538 (not shown specifically) mayinclude a microphone, joystick, game pad, satellite dish, serial port,scanner, and/or the like. These and other input devices are connected tothe processing unit 604 via input/output interfaces 540 that are coupledto the system bus 508, but may be connected by other interface and busstructures, such as a parallel port, game port, or a universal serialbus (USB).

[0105] A monitor 542 or other type of display device can also beconnected to the system bus 508 via an interface, such as a videoadapter 544. In addition to the monitor 542, other output peripheraldevices can include components such as speakers (not shown) and aprinter 546 which can be connected to computer 502 via the input/outputinterfaces 540.

[0106] Computer 502 can operate in a networked environment using logicalconnections to one or more remote computers, such as a remote computingdevice 548. By way of example, the remote computing device 548 can be apersonal computer, portable computer, a server, a router, a networkcomputer, a peer device or other common network node, and the like. Theremote computing device 548 is illustrated as a portable computer thatcan include many or all of the elements and features described hereinrelative to computer system 502.

[0107] Logical connections between computer 502 and the remote computer548 are depicted as a local area network (LAN) 550 and a general widearea network (WAN) 552. Such networking environments are commonplace inoffices, enterprise-wide computer networks, intranets, and the Internet.When implemented in a LAN networking environment, the computer 502 isconnected to a local network 550 via a network interface or adapter 554.When implemented in a WAN networking environment, the computer 502typically includes a modem 556 or other means for establishingcommunications over the wide network 552. The modem 556, which can beinternal or external to computer 502, can be connected to the system bus508 via the input/output interfaces 540 or other appropriate mechanisms.It is to be appreciated that the illustrated network connections areexemplary and that other means of establishing communication link(s)between the computers 502 and 548 can be employed.

[0108] In a networked environment, such as that illustrated withcomputing environment 500, program modules depicted relative to thecomputer 502, or portions thereof, may be stored in a remote memorystorage device. By way of example, remote application programs 558reside on a memory device of remote computer 548. For purposes ofillustration, application programs and other executable programcomponents, such as the operating system, are illustrated herein asdiscrete blocks, although it is recognized that such programs andcomponents reside at various times in different storage components ofthe computer system 502, and are executed by the data processor(s) ofthe computer.

[0109] Conclusion

[0110] Although the systems and methods have been described in languagespecific to structural features and/or methodological steps, it is to beunderstood that the technology defined in the appended claims is notnecessarily limited to the specific features or steps described. Rather,the specific features and steps are disclosed as preferred forms ofimplementing the claimed invention.

1. A network system, comprising: a first computer configured to maintainan object having an attribute, the attribute comprised of individualvalues, the individual values having conflict-resolution data; a secondcomputer configured to maintain a replica object, the replica objectbeing replicated from the object; and the second computer furtherconfigured to replicate the object from the first computer and resolve areplication conflict between a value of the attribute in the object andthe value of the attribute in the replica object, the replicationconflict being resolved with the conflict-resolution data.
 2. A networksystem as recited in claim 1, wherein the second computer is furtherconfigured to compare the conflict-resolution data associated with thevalue of the attribute in the object and the conflict-resolution dataassociated with the value of the attribute in the replica object toresolve the replication conflict.
 3. A network system as recited inclaim 1, wherein the conflict-resolution data comprises a versionindicator that corresponds to a version of an individual value.
 4. Anetwork system as recited in claim 1, wherein the conflict-resolutiondata comprises a version number that corresponds to a version of anindividual value, and wherein the second computer is further configuredto: compare the version number associated with the value of theattribute in the object and the version number associated with the valueof the attribute in the replica object to resolve the replicationconflict; and update the value of the attribute in the replica object ifthe value has a lower version number than the value of the attribute inthe object.
 5. A network system as recited in claim 1, wherein theconflict-resolution data comprises an update indicator that correspondsto when an individual value is updated.
 6. A network system as recitedin claim 1, wherein the conflict-resolution data comprises an updatetimestamp that corresponds to when an individual value is updated, andwherein the second computer is further configured to: compare the updatetimestamp associated with the value of the attribute in the object andthe update timestamp associated with the value of the attribute in thereplica object to resolve the replication conflict; and update the valueof the attribute in the replica object if the value has an earlierupdate timestamp than the value of the attribute in the object.
 7. Anetwork system as recited in claim 1, wherein the conflict-resolutiondata comprises a creation indicator that corresponds to when anindividual value is created.
 8. A network system as recited in claim 1,wherein the conflict-resolution data comprises a creation timestamp thatcorresponds to when an individual value is created, and wherein thesecond computer is further configured to: compare the creation timestampassociated with the value of the attribute in the object and thecreation timestamp associated with the value of the attribute in thereplica object to resolve the replication conflict; and update the valueof the attribute in the replica object if the value has an earliercreation timestamp than the value of the attribute in the object.
 9. Anetwork system as recited in claim 1, wherein the conflict-resolutiondata comprises a version indicator that corresponds to a version of anindividual value and an update indicator that corresponds to when theindividual value is updated.
 10. A network system as recited in claim 1,wherein the conflict-resolution data comprises a version number thatcorresponds to a version of an individual value and an update timestampthat corresponds to when the individual value is updated, and whereinthe second computer is further configured to: compare theconflict-resolution data associated with the value of the attribute inthe object and the conflict-resolution data associated with the value ofthe attribute in the replica object; and resolve the replicationconflict in favor of the value that first has a higher version number,and second has a later update timestamp.
 11. A network system as recitedin claim 1, wherein the conflict-resolution data comprises a versionnumber that corresponds to a version of an individual value and anupdate timestamp that corresponds to when the individual value isupdated, and wherein the second computer is further configured to:compare the conflict-resolution data associated with the value of theattribute in the object and the conflict-resolution data associated withthe value of the attribute in the replica object to resolve thereplication conflict; update the value of the attribute in the replicaobject if the value has a lower version number than the value of theattribute in the object; and if the version number associated with thevalue of the attribute in the replica object is equivalent to theversion number associated with the value of the attribute in the object,update the value of the attribute in the replica object if the value hasan earlier update timestamp than the value of the attribute in theobject.
 12. A network system as recited in claim 1, wherein theconflict-resolution data comprises a creation indicator that correspondsto when an individual value is created, a version indicator thatcorresponds to a version of the individual value, and an updateindicator that corresponds to when the individual value is updated. 13.A network system as recited in claim 1, wherein the conflict-resolutiondata comprises a creation timestamp that corresponds to when anindividual value is created, a version number that corresponds to aversion of the individual value, and an update timestamp thatcorresponds to when the individual value is updated, and wherein thesecond computer is further configured to: compare theconflict-resolution data associated with the value of the attribute inthe object and the conflict-resolution data associated with the value ofthe attribute in the replica object; and resolve the replicationconflict in favor of the value that first has a later creationtimestamp, second has a higher version number, and third has a laterupdate timestamp.
 14. A network system as recited in claim 1, whereinthe conflict-resolution data comprises a creation timestamp thatcorresponds to when an individual value is created, a version numberthat corresponds to a version of the individual value, and an updatetimestamp that corresponds to when the individual value is updated, andwherein the second computer is further configured to: compare theconflict-resolution data associated with the value of the attribute inthe object and the conflict-resolution data associated with the value ofthe attribute in the replica object to resolve the replication conflict;update the value of the attribute in the replica object if the value hasan earlier creation timestamp than the value of the attribute in theobject; if the creation timestamp associated with the value of theattribute in the replica object is equivalent to the creation timestampassociated with the value of the attribute in the object, update thevalue of the attribute in the replica object if the value has a lowerversion number than the value of the attribute in the object; and if theversion number associated with the value of the attribute in the replicaobject is equivalent to the version number associated with the value ofthe attribute in the object, update the value of the attribute in thereplica object if the value has an earlier update timestamp than thevalue of the attribute in the object.
 15. A network system as recited inclaim 1, wherein the individual values have an associated deletionindicator that is a null identifier to indicate the existence of a valueof the attribute in the object.
 16. A network system as recited in claim1, wherein the individual values have an associated deletion indicatorthat corresponds to when an individual value is marked for deletion fromthe attribute in the object.
 17. A network system as recited in claim 1,wherein the individual values have an associated deletion timestamp thatcorresponds to when an individual value is marked for deletion from theattribute in the object, and wherein the second computer is furtherconfigured to delete a value from the attribute in the object if thevalue has a deletion timestamp that indicates the value is marked fordeletion.
 18. A state-based replication system, comprising: an objecthaving an attribute comprised of values, individual values havingindicators to indicate a change to a value of the attribute; a computingdevice configured to replicate the object and, with the indicators,identify a change to a value of the attribute.
 19. A state-basedreplication system as recited in claim 18, wherein the computing deviceis further configured to: maintain a replica object, the replica objectbeing replicated from the object; and compare the object with thereplica object to identify, with the indicators, a value replicationconflict.
 20. A state-based replication system as recited in claim 18,wherein the indicators comprise a version indicator that corresponds toa version of a value.
 21. A state-based replication system as recited inclaim 18, wherein the indicators comprise an update indicator thatcorresponds to when a value is changed.
 22. A state-based replicationsystem as recited in claim 18, wherein the indicators comprise acreation indicator that corresponds to when a value is created.
 23. Astate-based replication system as recited in claim 18, wherein theindicators comprise a version number that corresponds to a version of avalue and an update timestamp that corresponds to when the value ischanged.
 24. A state-based replication system as recited in claim 18,wherein the indicators comprise a creation timestamp that corresponds towhen a value is created, a version number that corresponds to a versionof the value, and an update timestamp that corresponds to when the valueis changed.
 25. A state-based replication system as recited in claim 18,wherein the indicators comprise a deletion indicator that has a nullidentifier to indicate the existence of a value of the attribute.
 26. Astate-based replication system as recited in claim 18, wherein theindicators comprise a deletion timestamp that corresponds to when avalue is marked for deletion from the attribute.
 27. A state-basedreplication system, comprising: a first computer configured to maintaina first data structure, the first data structure having a multi-valuedattribute comprised of linked values, individual linked values havingconflict-resolution information to indicate a change to a value of theattribute; a second computer configured to maintain a second datastructure having the multi-valued attribute comprised of the linkedvalues; and the first and second data structures configured to bereplicated and to have a replication conflict between a value of theattribute in the first data structure and a value of the attribute inthe second data structure resolved with the conflict-resolutioninformation associated with the values.
 28. A state-based replicationsystem as recited in claim 27, wherein the first and second computersare further configured to: compare the conflict-resolution informationassociated with the value of the attribute in the first data structurewith the conflict-resolution information associated with the value ofthe attribute in the second data structure; identify a replicationconflict; and resolve the replication conflict with theconflict-resolution information associated with the values.
 29. Astate-based replication system as recited in claim 27, wherein theconflict-resolution information comprises a version indicator thatcorresponds to a version of an individual linked value.
 30. Astate-based replication system as recited in claim 27, wherein: theconflict-resolution information comprises a version number thatcorresponds to a version of an individual linked value; the first andsecond computers are further configured to compare the version numberassociated with the linked value of the attribute in the first datastructure with the version number associated with the linked value ofthe attribute in the second data structure; the first computer isfurther configured to update the linked value of the attribute in thefirst data structure if the linked value has a lower version number thanthe linked value of the attribute in the second data structure; and thesecond computer is further configured to update the linked value of theattribute in the second data structure if the linked value has a lowerversion number than the linked value of the attribute in the first datastructure.
 31. A state-based replication system as recited in claim 27,wherein the conflict-resolution information comprises an updateindicator that corresponds to when an individual linked value ischanged.
 32. A state-based replication system as recited in claim 27,wherein: the conflict-resolution information comprises an updatetimestamp that corresponds to when an individual linked value ischanged; the first and second computers are further configured tocompare the update timestamp associated with the linked value of theattribute in the first data structure with the update timestampassociated with the linked value of the attribute in the second datastructure; the first computer is further configured to update the linkedvalue of the attribute in the first data structure if the linked valuehas an earlier update timestamp than the linked value of the attributein the second data structure; and the second computer is furtherconfigured to update the linked value of the attribute in the seconddata structure if the linked value has an earlier update timestamp thanthe linked value of the attribute in the first data structure.
 33. Astate-based replication system as recited in claim 27, wherein theconflict-resolution information comprises a creation indicator thatcorresponds to when an individual linked value is created.
 34. Astate-based replication system as recited in claim 27, wherein: theconflict-resolution information comprises a creation timestamp thatcorresponds to when an individual linked value is created; the first andsecond computers are further configured to compare the creationtimestamp associated with the linked value of the attribute in the firstdata structure with the creation timestamp associated with the linkedvalue of the attribute in the second data structure; the first computeris further configured to update the linked value of the attribute in thefirst data structure if the linked value has an earlier creationtimestamp than the linked value of the attribute in the second datastructure; and the second computer is further configured to update thelinked value of the attribute in the second data structure if the linkedvalue has an earlier creation timestamp than the linked value of theattribute in the first data structure.
 35. A state-based replicationsystem as recited in claim 27, wherein the conflict-resolutioninformation comprises a version indicator that corresponds to a versionof an individual linked value and an update indicator that correspondsto when the individual linked value is changed.
 36. A state-basedreplication system as recited in claim 27, wherein theconflict-resolution information comprises a creation indicator thatcorresponds to when an individual linked value is created, a versionindicator that corresponds to a version of the individual linked value,and an update indicator that corresponds to when the individual linkedvalue is changed.
 37. A state-based replication system as recited inclaim 27, wherein the individual linked values have an associateddeletion indicator that is a null identifier to indicate the existenceof a linked value of the multi-valued attribute.
 38. A state-basedreplication system as recited in claim 27, wherein the individual linkedvalues have an associated deletion indicator that corresponds to when anindividual linked value is marked for deletion from the multi-valuedattribute.
 39. A computer-readable medium having stored thereon a datastructure, comprising: a first data field containing an attribute; asecond data field containing a value of the attribute contained in thefirst data field; a third data field containing a version indicatorcorresponding to a version of the value contained in the second datafield; and a fourth data field containing an update indicatorcorresponding to when the version indicator contained in the third datafield is changed.
 40. A computer-readable medium as recited in claim 39,wherein the data structure further comprises a fifth data fieldcontaining a creation indicator corresponding to when the valuecontained in the second data field is created.
 41. A computer-readablemedium as recited in claim 39, wherein the data structure furthercomprises a sixth data field containing a deletion indicatorcorresponding to the value contained in the second data field andconfigured to indicate when the value is marked for deletion from thedata structure.
 42. A network system, comprising: a first computerconfigured to replicate objects at an attribute level, and furtherconfigured to maintain an object having a multi-valued attribute, themulti-valued attribute comprised of individual values; a second computerconfigured to replicate objects at an attribute value level, and furtherconfigured to maintain a second object, the second object having amulti-valued attribute comprised of individual values, the individualvalues configured to have conflict-resolution data; the first computerfurther configured to: replicate the second object from the secondcomputer; resolve a replication conflict between the object and thesecond object at the attribute level; and resolve a replication conflictbetween the object and the second object at the attribute value levelwith the conflict-resolution data.
 43. A network system as recited inclaim 42, wherein the first computer first resolves the replicationconflict between the object and the second object at the attributelevel, and second resolves the replication conflict between the objectand the second object at the attribute value level.
 44. A network systemas recited in claim 42, wherein the first computer does not replicate avalue from the second object if the value does not haveconflict-resolution data.
 45. A network system as recited in claim 42,wherein the first computer does not replicate a value from the secondobject if the value has null conflict-resolution data.
 46. A networksystem as recited in claim 42, wherein the first computer resolves thereplication conflict between the object and the second object at theattribute value level in favor of a value that has conflict-resolutiondata.
 47. A network system as recited in claim 42, wherein the firstcomputer resolves the replication conflict between the object and thesecond object at the attribute value level in favor of a value that hasnon-null conflict-resolution data.
 48. A network system as recited inclaim 42, wherein the second computer is further configured to:replicate the object from the first computer; resolve a replicationconflict between the object and the second object at the attributelevel; and resolve a replication conflict between the object and thesecond object at the attribute value level with the conflict-resolutiondata.
 49. A network system as recited in claim 48, wherein the secondcomputer first resolves the replication conflict between the object andthe second object at the attribute level, and second resolves thereplication conflict between the object and the second object at theattribute value level.
 50. A network system as recited in claim 48,wherein the second computer does not replicate a value from the objectif the value does not have conflict-resolution data.
 51. A networksystem as recited in claim 48, wherein the second computer does notreplicate a value from the object if the value has nullconflict-resolution data.
 52. A network system as recited in claim 48,wherein the second computer resolves the replication conflict betweenthe object and the second object at the attribute value level in favorof a value that has conflict-resolution data.
 53. A network system asrecited in claim 48, wherein the second computer resolves thereplication conflict between the object and the second object at theattribute value level in favor of a value that has non-nullconflict-resolution data.
 54. A network system as recited in claim 48,wherein the second computer is further configured to delete a value fromthe second object if the value does not have conflict resolution data,and if the value is not replicated from the object.
 55. A method,comprising: replicating an object stored in a first directory with areplica object stored in a second directory, the object and the replicaobject having an attribute comprised of individual values, theindividual values having conflict-resolution data; comparing a value ofthe attribute in the object with a value of the attribute in the replicaobject to identify a replication conflict; and resolving the replicationconflict with the conflict-resolution data.
 56. A method as recited inclaim 55, wherein the conflict-resolution data comprises a versionnumber that corresponds to a version of an individual value, and whereinsaid comparing comprises determining if a value version number has beenchanged
 57. A method as recited in claim 55, wherein theconflict-resolution data comprises a version number that corresponds toa version of an individual value, said comparing comprises determiningif a value version number has been changed, and the method furthercomprises updating the value of the attribute that has a lower versionnumber with the value of the attribute that has a higher version number.58. A method as recited in claim 55, wherein the conflict-resolutiondata comprises an update timestamp that corresponds to when anindividual value is changed, and wherein said comparing comprisesdetermining if a value update timestamp has been changed.
 59. A methodas recited in claim 55, wherein the conflict-resolution data comprisesan update timestamp that corresponds to when an individual value ischanged, said comparing comprises determining if a value updatetimestamp has been changed, and the method further comprises updatingthe value of the attribute that has an earlier update timestamp with thevalue of the attribute that has a later update timestamp.
 60. A methodas recited in claim 55, wherein the conflict-resolution data comprises acreation timestamp that corresponds to when an individual value iscreated, and wherein said comparing comprises determining if a creationtimestamp has been changed.
 61. A method as recited in claim 55, whereinthe conflict-resolution data comprises a creation timestamp thatcorresponds to when an individual value is created, said comparingcomprises determining if a creation timestamp has been changed, and themethod further comprises updating the value of the attribute that has anearlier creation timestamp with the value of the attribute that has alater creation timestamp.
 62. A method as recited in claim 55, whereinthe conflict-resolution data comprises a version number that correspondsto a version of an individual value and an update timestamp thatcorresponds to when the individual value is changed, and wherein saidcomparing comprises determining if a value version number has beenchanged and if the value update timestamp has been changed.
 63. A methodas recited in claim 55, wherein the conflict-resolution data comprises aversion number that corresponds to a version of an individual value andan update timestamp that corresponds to when the individual value ischanged, and the method further comprises updating the value of theattribute that first has a lower version number, and second has anearlier update timestamp.
 64. A computer-readable medium comprisingcomputer executable instructions that, when executed, direct a computingsystem to perform the method of claim
 63. 65. A method as recited inclaim 55, wherein the conflict-resolution data comprises a creationtimestamp that corresponds to when an individual value is created, aversion number that corresponds to a version of the individual value,and an update timestamp that corresponds to when the individual value ischanged, and wherein said comparing comprises determining if a valuecreation timestamp has been changed, if the value version number hasbeen changed, and if the value update timestamp has been changed.
 66. Amethod as recited in claim 55, wherein the conflict-resolution datacomprises a creation timestamp that corresponds to when an individualvalue is created, a version number that corresponds to a version of theindividual value, and an update timestamp that corresponds to when theindividual value is changed, and the method further comprises updatingthe value of the attribute that first has an earlier creation timestamp,second has a lower version number, and third has an earlier updatetimestamp.
 67. A computer-readable medium comprising computer executableinstructions that, when executed, direct a computing system to performthe method of claim
 66. 68. A method as recited in claim 55, wherein theindividual values have a deletion timestamp that is a null identifier toindicate the existence of a value of the attribute.
 69. A method asrecited in claim 55, wherein the individual values have a deletiontimestamp that corresponds to when an individual value is marked fordeletion from the attribute.
 70. A method as recited in claim 55,wherein the individual values have a deletion timestamp that correspondsto when an individual value is marked for deletion from the attribute,and the method further comprises deleting a value from the attribute ifthe value has a deletion timestamp that indicates the value is markedfor deletion.
 71. A computer-readable medium comprising computerexecutable instructions that, when executed, direct a computing systemto perform the method of claim
 70. 72. A computer-readable mediumcomprising computer executable instructions that, when executed, directa computing system to perform the method of claim
 55. 73. A method forreplicating a linked value of a multi-valued attribute contained in anobject, the linked value having conflict-resolution information andreplicated from a replica object having the multi-valued attribute andthe linked value, the method comprising: comparing theconflict-resolution information associated with the linked value in theobject with the conflict-resolution information associated with thelinked value in the replica object; identifying a replication conflictwith the conflict-resolution information; and resolving the replicationconflict with the conflict-resolution information.
 74. A method asrecited in claim 73, wherein the conflict-resolution informationcomprises a version number that corresponds to a version of the linkedvalue, and the method further comprising: determining if the linkedvalue version number has been changed; and updating the linked value ofthe attribute that has a lower version number with the linked value ofthe attribute that has a higher version number.
 75. A method as recitedin claim 73, wherein the conflict-resolution information comprises anupdate timestamp that corresponds to when the linked value is changed,and the method further comprising: determining if the linked valueupdate timestamp has been changed; and updating the linked value of theattribute that has an earlier update timestamp with the linked value ofthe attribute that has a later update timestamp.
 76. A method as recitedin claim 73, wherein the conflict-resolution information comprises acreation timestamp that corresponds to when the linked value is created,and the method further comprising: determining if the linked valuecreation timestamp has been changed; and updating the linked value ofthe attribute that has an earlier creation timestamp with the linkedvalue of the attribute that has a later creation timestamp.
 77. A methodas recited in claim 73, wherein the conflict-resolution informationcomprises a creation timestamp that corresponds to when the linked valueis created, a version number that corresponds to a version of the linkedvalue, and an update timestamp that corresponds to when the linked valueis changed.
 78. A method as recited in claim 73, wherein theconflict-resolution information comprises a creation timestamp thatcorresponds to when the linked value is created, a version number thatcorresponds to a version of the linked value, and an update timestampthat corresponds to when the linked value is changed, and the methodfurther comprises updating the linked value of the attribute if thelinked value first has an earlier creation timestamp, second has a lowerversion number, and third has an earlier update timestamp.
 79. Acomputer-readable medium comprising computer executable instructionsthat, when executed, direct a computing system to perform the method ofclaim
 78. 80. A computer-readable medium comprising computer executableinstructions that, when executed, direct a computing system to performthe method of claim
 73. 81. A method, comprising: replicating a firstobject with a second object, the first object having an attributecomprised of individual values, the second object having an attributecomprised of individual values configured to have associatedconflict-resolution data; resolving first a replication conflict betweenthe first object and the second object at an attribute level; andresolving second, with the conflict-resolution data, a replicationconflict between the first object and the second object at an attributevalue level.
 82. A method as recited in claim 81, further comprisingdetermining whether a value corresponding to the second object hasconflict-resolution data and said replicating the value if saiddetermining that the value has conflict-resolution data.
 83. A method asrecited in claim 81, further comprising determining whether a valuecorresponding to the second object has non-null conflict-resolution dataand said replicating the value if said determining that the value hasnon-null conflict-resolution data.
 84. A method as recited in claim 81,said resolving the replication conflict between the first object and thesecond object at the attribute value level in favor of a value that hasconflict-resolution data.
 85. A method as recited in claim 81, furthercomprising deleting a value corresponding to the second object if thevalue does not have conflict-resolution data and if the value is notreplicated.
 86. A computer-readable medium comprising computerexecutable instructions that, when executed, direct a computing systemto perform the method of claim 81.